TidBITS#772/28-Mar-05
=====================
If one of your credit card numbers was stolen, do you know
how to deal with it? Adam shares his first-hand experience
and offers suggestions for minimizing your risk and annoyance.
Also this week, Matt Neuburg paints a favorable picture of
Purgatory Design's Intaglio drawing software. In the news,
we cover the release of BBEdit 8.1 and an iPod photo software
update, note Apple's settlement with a guy who leaked Tiger
seeds, and pass on a DealBITS discount for TARI's GoodPage
HTML editor.
Topics:
MailBITS/28-Mar-05
Intaglio: May the Quartz Be with You
Stolen Credit Card Numbers and Companies with a Clue
Hot Topics in TidBITS Talk/28-Mar-05
Copyright 2005 TidBITS: Reuse governed by Creative Commons license
Contact:
---------------------------------------------------------------
This issue of TidBITS sponsored in part by:
* READERS LIKE YOU! Help keep TidBITS great via our voluntary
* SMALL DOG ELECTRONICS: Great Bundle!
AirPort-ready 12-inch iBook with iPod mini - $999!
DLO iBoom Boom Box for iPod or iPod mini - $119
Visit: 800-511-MACS
* GET FETCH FOR FREE! Fetch Softworks makes Fetch, the original !
* Dr. Bott, LLC: A 400 GB drive without an AC adapter?
* Web Crossing, Inc: Site Crossing brings Web Crossing power to
* Available in anodized Aluminum, White Aluminum, Black Aluminum,
* Circus Ponies NoteBook: Never lose anything again. NoteBook
* Awarded 4 mice by Macworld, Nisus Writer Express 2.1
is the writer's word processor that is both powerful
and easy to use. Use coupon code "TidBits" and receive
a $10.00 discount!
---------------------------------------------------------------
MailBITS/28-Mar-05
------------------
**Apple Settles with One Tiger Leaker** -- Apple Computer has
settled out of court with Doug Steigerwald, a recent graduate of
North Carolina State University and an Apple Developer Connection
member who admitted to sharing seeds of Mac OS X 10.4 Tiger on
the Internet. Steigerwald will pay Apple an unspecified amount,
but News.com quoted Apple as saying, "It is not our desire to send
students to jail." Legal action remains pending against two other
men in the case, which was filed in December and is separate from
other lawsuits Apple has filed against Macintosh rumor sites.
Steigerwald also still faces a criminal investigation. [ACE]
**DealBITS Drawing: GoodPage Winners** -- Congratulations to
Dana Ostrow of columbia.edu, whose entry was chosen randomly
in last week's DealBITS drawing and who received a copy of TARI's
GoodPage graphical HTML authoring tool, worth $149. Dana was
referred to this week's DealBITS drawing by Seth Theriault of
sdf.lonestar.org, and as such, Seth will also be receiving a copy
of GoodPage. Even if you didn't win, you can save $75 off the list
price of GoodPage through 04-Apr-05 using the coupon code DEALBITS
when purchasing from within the 30-day trial version of the
application; this offer is exclusive to TidBITS readers. Thanks
to the 945 people who entered, extra thanks to the 87 people who
entered after being referred to DealBITS, and for those of you
who subscribed after entering DealBITS, welcome to TidBITS! Keep
an eye out for future DealBITS drawings, and remember that telling
your friends, family, and colleagues about new drawings is a great
way to increase your chances of receiving a prize; nearly 10
percent of our entries this time came from people who learned
about DealBITS from a friend, and I'd like to see that increase.
[ACE]
**BBEdit 8.1 Adds Source Control Support** -- Bare Bones Software
has released BBEdit 8.1, adding support for the Subversion source
control management application to the powerful text editor. The
update also enhances the Text Factory feature by adding new menus
and palettes, and incorporates numerous other fixes (including
the "triumphant return" of Command-Option-double-click for Find
Selection). BBEdit 8.1 is a free update for registered users of
BBEdit 8, and is an 11.8 MB download; it requires Mac OS X 10.3.5
or later. [JLC]
**iPod Updater 2005-03-23 Released** -- Apple last week released
an update for iPod photo owners. The hefty 28.9 MB iPod Updater
2005-03-23 brings the iPod software to version 1.1 and adds
support for Apple's forthcoming $30 iPod Camera Connector
(announced in February, and now available for order from Apple's
online store). It also improves slideshow transitions. The updater
is available via Software Update or as a separate download.
Although this update offers nothing new for owners of other iPod
product lines, it does include the most recent software versions
for each model (hence the huge download). [JLC]
Intaglio: May the Quartz Be with You
------------------------------------
by Matt Neuburg
Remember the magical feeling you had when you first used a
Macintosh, and played with those early bundled applications,
MacPaint and MacDraw? The magic - though you may not have
been conscious of this at the time - lay in the fact that these
tiny applications were essentially just showcases for the Mac's
underlying technology. You could draw a square or an oval, with
a thick or thin line, filled solid or with a pattern, because
those were all basic QuickDraw primitives; in effect, you were
accessing the very same code that gave the Mac itself its
distinctive look, allowing it to draw windows and buttons in
the first place.
You can still recapture some of that first careless rapture by
playing a little with the Paint and Draw modules of AppleWorks,
if you have it; these are intended to emulate (and may, in a
sense, be direct descendants of) MacPaint and MacDraw, though
naturally with some modern touches. SuperPaint, the subject of
one my earliest TidBITS reviews, was another MacPaint/MacDraw
knock-off; it's no longer available, but if you have a copy lying
around, you'll find it still runs pretty well under Classic.
In Mac OS X, QuickDraw is no longer the system's native windowing
and screen-painting technology; that honor goes to Quartz. The
look of Mac OS X comes in large part from the fact that Quartz
provides native support for Bezier paths and coordinate transforms
(for rotation, skewing, and scaling), along with sophisticated
effects such as transparency, shadows, and gradients.
Intaglio, from Purgatory Design, aims to put Quartz's capabilities
at your fingertips much as MacDraw did for QuickDraw. And, to a
remarkable degree, I think it succeeds.
**Draw, Pardner** -- Intaglio is a drawing program. The palette of
tools is straightforward. Some tools create vector objects: line,
rectangle, round rectangle, polygon, oval, and arc; freehand
pencil and Bezier curve pen; text; dimensioned line. Click any
of these, then click and drag in a document, and you're drawing.
Other tools work with existing objects or help you with the
document as a whole: selection (and point selection, for working
with Bezier curves), gradient, eyedropper, measure, and zoom.
You have to learn a few "click tricks," which for the most part
are standard and are probably second nature to most users of
drawing programs. While creating a geometric shape, Shift-drag
to make a circle or a square, and Option-drag to create the
shape starting at its center. Option-drag an arc's center point
to change its radius. Option-drag an object to duplicate it.
Shift-drag an object to constrain motion to horizontal or
vertical. Option-drag a Bezier point to drag out new Bezier
handles. Option-drag a Bezier handle to move it independently
of the other handle.
A full panoply of toolbars and inspector windows lets you set
various attributes of the selected object: the color and
transparency of its fill; the color and transparency, thickness,
arrows, dash pattern, and join and end-cap types of its stroke
(outline). There is also a standard set of devices to help you
draw, such as snap to grid, guidelines, alignment of multiple
objects, and object grouping and locking.
The fun really begins when you start applying some
characteristically Quartzian transformations and attributes to
an object. An object can be resized; it can be rotated or sheared,
around its center or any other point. Bezier paths can be combined
and separated. In a group of objects, the topmost object can act
as a mask for the rest of the group; similarly, a bitmap image
object can be cropped by grouping a vector object with it, giving
the group a mask attribute, and converting back to a bitmap image.
An object's fill can be a pattern, meaning a tiled repetition of
_any_ rectangular drawing. An object's fill can be a gradient.
Transparency is an attribute of every color (a gradient with
different transparency for different colors looks really cool).
You can even apply a convolution, such as Blur, Sharpen, or
Drop Shadow, to an individual object. And when you're working
with text, you have the entire native Cocoa palette of text
tools at your disposal, including margins, indents, tabs,
justification, fonts, kerning, and so forth. Text can have
graphic transformations applied to it and can be bound to
a path (and remains editable), or can be converted to a graphic
for still more transformation.
**Which End Is Up?** As a simple drawing program, I think Intaglio
succeeds admirably. Apart from the "click tricks," the learning
curve required in order for you to draw happily is essentially
non-existent: you start up Intaglio, you experiment for a while,
you get gorgeous-looking results, and all is right with the world.
It also succeeds in giving you the feeling that your toolbox
is really Quartz itself, that behind your simple clicking and
dragging, the power of Mac OS X is bursting out to provide your
drawing with color, transparency, gradients, rotated and skewed
shapes, and snazzy text effects. I can't put my finger on it any
better than to say that Intaglio really does seem to evoke the
same sense of fun and wonder and play in the world of graphics
as MacPaint and MacDraw once did.
If this were all, Intaglio would be a fine low-end drawing
program: pleasant as a toy, helpful as a utility, and more
than enough drawing power for most users. Yet Intaglio also
has some slightly higher-end features. I'm not saying that it
could (or should) be compared with Canvas, CorelDRAW, or Adobe
Illustrator; but some thought has clearly gone into making
Intaglio considerably more than a toy.
For example, Intaglio is remarkably good at importing and
exporting files; you can import images in various formats,
including EPS, vector PICT, native ClarisDraw, and PDF, while
maintaining editability, and when you export to a bitmap format
(by way of QuickTime), the resolution is up to you. Intaglio
is ColorSync-savvy, and can associate a different color profile
with each of a document's color spaces (RGB, CMYK, and Grayscale).
Documents can have pages and layers. You can set document
properties (such as filling in an "author" or "keyword" field),
making Intaglio Spotlight-ready when you upgrade to Mac OS X
10.4 Tiger. Anything you can do manually to an object you can
also do numerically through a dialog. Most remarkable of all,
Intaglio is both scriptable and recordable with AppleScript;
recordability, a rare thing on Mac OS X, means that you can
draw in the normal way and have your actions translated into
AppleScript commands, as an easy aid to learning how to write
those same commands yourself.
Perhaps for this very reason, there is something unsettling
about Intaglio's feature holes and shortcomings. There is no find
feature, for example. A pop-up menu at the bottom of the window
lets you select one attribute of the currently selected object
to be displayed in the window's status bar - such as its type,
index, name, ID, or style - but surely it is obvious that users
would prefer a way of seeing all of that information at once.
The program had no contextual menus at all until very recently.
The manual is poor: it's a Help Viewer document in which it's
hard to find one's way about.
Particularly disappointing is Intaglio's stubborn refusal to
follow prior art, even when it is tried-and-true, familiar, and
universal. Take, for example, the eyedropper tool. In every other
program I use that has an eyedropper tool, it "picks up" features
of the object you click with it, such as its color, into the
corresponding settings palettes, so that all subsequent drawing
you do will have those features, or so that you can modify that
feature (e.g. you might capture this object's yellow into the
Fill palette in order to create a harmoniously paler yellow
for the next object). In Intaglio, clicking with the eyedropper
affects only the currently selected objects (and if no object
is selected, Intaglio beeps). That's silly: it's unnecessary,
since Intaglio can already copy and paste colors between objects,
and it leaves no way to capture colors into the palettes and work
with them there. Intaglio's implementation of styles is similarly
poor. Having styles in a drawing program is definitely a good
thing, because if you're to do more than merely play tediously
with one or two objects at a time, the chances are high that
you're going to want to apply and maintain similar characteristics
for multiple objects as you go along. But the implementation of
styles in Intaglio is clumsy and wrong-headed, when all it had
to do was to imitate AppleWorks, which implements drawing styles
simply and brilliantly.
**Inconclusive Conclusions** -- As so often happens, therefore,
Intaglio ends up being a program I'd love to love and can't quite.
If Intaglio were merely a toy, it would be a great toy. But it
costs $90, which is a substantial investment, and invites the user
to think of the program as endowed with some serious higher-end
qualities. The lack of find, the bewildering manual, and the
behavior of styles, however, goes some way towards cancelling
that invitation. Add to this the fact that, for every new version
of Intaglio that I've downloaded since the start of January, I've
been able to find at least one drawing misbehavior and at least
one crashing bug within an hour of starting to test. Bugs are
no crime - they are proverbially inevitable - but my overall
experience with Intaglio has not filled me with confidence.
Fortunately, it's easy to make up your own mind. A demo version of
Intaglio (you can't save, and printed and exported documents have
a watermark) is available as a 3 MB download. The program requires
Mac OS X 10.2 Jaguar, with Mac OS X 10.3 Panther needed for some
features.
Stolen Credit Card Numbers and Companies with a Clue
----------------------------------------------------
by Adam C. Engst
Credit card number theft is one of those events that seems
to happen only to other people... until it hits you. That
just happened to me, and the repercussions proved a bit more
instructive and far-reaching that I would have initially
anticipated.
**Awkward Dating** -- The first hint that something was wrong
came when Tonya was reviewing the charges on the MasterCard we
use solely for business purchases. There was a $19.95 charge to
something related to Yahoo, but it wasn't possible to tell exactly
what service from the limited information on the credit card
statement. Tonya knew she hadn't ordered anything online that
could have generated such a charge, and when she asked me, I
couldn't remember anything either. To verify that I wasn't simply
losing my memory, I searched all my received email around the
date in question, and even went so far as to search my OmniWeb
history for Yahoo URLs around the date.
The situation was becoming more curious, so Tonya called the
phone number on the credit card statement, and waited on hold
for a while. As she waited, she realized that what she had
called was Yahoo Personals - Yahoo's online dating service.
She immediately yelled for me to get on the phone, figuring
that the whole situation was just going to generate snickers
for the customer service people if they heard a wife calling
to find out about a dating service charge on her husband's credit
card. I was good and refrained from making jokes about how I
didn't even get any dates from Yahoo Personals once the customer
service people came on the line.
It took a little back and forth with Yahoo's customer service
people, since we weren't willing to give them much more personal
information, some of which they claimed they needed to look up the
account that had made the charges. Eventually we got them to tell
us that the Yahoo Personals account did indeed have the same user
name as my My Yahoo account (I immediately changed that account's
password, just for good measure), but that the birth date listed
with the Yahoo Personals account did not match either of our birth
dates. That was sufficient for them to cancel the account and
refund our money.
**Cleaning Up from Cancellation** -- The Yahoo Personals customer
service rep recommended that we cancel the credit card used, which
we were already planning as the next call. Our credit card issuer
was totally on top of it, cancelling the card and issuing us
another one before we'd even had a chance to explain the full
situation. Tonya keeps records of merchants that are automatically
withdrawing from that credit card, so next she reset all of those
accounts. The morning was shot, but it seemed that we were out
of the woods. Unfortunately, it wasn't to be.
A few days later, Tristan and I were out driving when I remembered
that our other car likely had a flat tire due to a slow leak I'd
been monitoring. That normally wouldn't have been an issue, but
Tonya had an appointment before we would be home, and I wanted
to alert her to blow up the tire and to remember her cell phone
in case she needed me to come change the tire while she was out.
In New York State, it's illegal to drive while talking on a cell
phone unless you're using a hands-free system, so I pressed the
speed-dial number for home and handed Tristan the phone so he
could give her the message. A few seconds later he gave me back
the phone, saying "It's being weird." I pulled over and listened,
and indeed, I'd somehow ended up with Verizon Wireless customer
service. I hung up and tried again, and got them again. This time
I waited until I could talk to a person, who promptly informed me
that they had disabled our service because the monthly bill had
been rejected by our credit card - apparently one auto-withdrawal
had slipped past Tonya's record keeping. Luckily, I was able to
use another phone later to walk Tonya through inflating the tire,
but the credit card fraud was increasing in annoyance.
The next week Tonya managed to get the account reinstated, and
protested sufficiently vehemently when Verizon Wireless tried
to charge a $15 fee for doing so that they waived the charge.
She pointed out that it would have been trivial for them to notify
us via voicemail or text messaging that our auto-withdrawal had
failed, but needless to say, the customer service drone couldn't
do anything but forward the feedback (if even that).
That wasn't the end of the bother, though the next one was purely
my fault. I'd set up a Google AdWords account for Take Control
that also withdrew money from that MasterCard, and I'd forgotten
to inform Tonya that it needed to be added to the list of auto-
withdrawal services. As you'd expect, the next time Google tried
to charge money to the card, it was rejected, too.
But here's the difference between Verizon Wireless and Google.
Where Verizon Wireless didn't bother to inform us that they'd
disabled our service and thus caused us unnecessary trouble,
Google sent me a nice email message, informing me of the problem,
telling me that they'd temporarily disabled our ads, and giving
me a link to my account so I could enter a new credit card number.
The entire process took only a couple of minutes, and most of that
was exclaiming to Tonya about how Google had a clue in comparison
to Verizon Wireless.
**Following Up on the Credit Report** -- We were relating this
story to a friend over dinner the other day, who said she'd had a
similar thing happen. In her case, though, the fraud had included
the perpetrator changing the billing address related to the card,
so she hadn't even received a tip-off statement. She recommended
that we run a credit report as well, just to make sure any
additional hanky-panky wasn't going on with our finances.
A bit of investigation revealed that recent U.S. legislation
requires the three major credit reporting companies - Equifax,
Experian, and TransUnion - to provide anyone who asked with a
free credit report once every 12 months (so you can get one credit
report from each company all at once, or you can request a report
from one of the companies every four months to be on the lookout
for problems). Unfortunately, the credit reporting companies
were given quite some time to roll out the service to the entire
country, so although people in western and midwest states can
request their free credit reports right now, people in the south
must wait until 01-Jun-05, and those of us in the eastern states
must wait until 01-Sep-05. (Some states - Colorado, Georgia,
Maine, Maryland, Massachusetts, New Jersey, and Vermont - also
require that residents be allowed to request one or two free
credit reports each year.)
Our friend said she'd used another service called
FreeCreditReport.com, which gives you a free credit report,
but requires that you sign up for a slew of fee-based credit
reporting and monitoring services that could be useful,
particularly if you wanted to be informed about changes to
your credit report over time. You can (and I did) cancel the
membership without paying anything - hence the "free" aspect
of the credit report, and of course, you can pay about $10
for a credit report if you don't want to play the "cancel my
membership" game. Luckily, my credit report showed nothing of
significant concern, though they apparently think I'm a year
younger than I am. I'll have to fix that at some point. It's
entirely likely that other problems haven't shown up yet, and
I plan to start running regular credit reports in September.
**Lessons Learned** -- In this day and age, shopping on the
Internet is simply a fact of life for many people. I don't
believe that using a credit card on the Internet is any more
or less likely to result in credit card number theft than using
it over the phone or in person, but the more you use credit cards,
the more likely it is some miscreant will obtain your number and
abuse it. It's mostly an annoyance with credit cards (though not
necessarily with debit cards!), since your liability is limited
to $50 in the United States, and I've never heard of anyone ever
being charged even that. But the hassle factor can be large, as
our experience proved, and credit card fraud could be the first
step in a more complete identity theft. So, I recommend the
following precautions.
* Review your credit card statements every month, and make sure
you made every purchase. Thieves often charge a small amount,
like our $19.95 fee for Yahoo Personals, to see if you're paying
attention (and if you're not, the purchases will increase).
* Always keep email receipts for online purchases for reference
purposes, and if you anticipate wanting to look back to what
you've done in the past on the Web, use a browser like OmniWeb
or a utility like St. Clair Software's HistoryHound to record
your tracks.
* Although we still have no idea how our credit card number was
stolen, wallet thefts are a common way for this to happen. To
simplify canceling credit cards and other accounts in the event
of such a theft, photocopy the contents of your wallet and store
those pages in a safe location.
* Keep a list of all automatic withdrawals from your credit card
in the event you have to cancel the card. Also remember to write
down merchants (like the iTunes Music Store) that might have
your credit card number stored for sporadic use.
* If you're in the U.S. (other countries may have similar
practices), be sure to take advantage of the free credit reports
to make sure all the information is correct, and if you find
incorrect information, make sure to fix it promptly. Visit the
Federal Trade Commission Web site for additional suggestions
and links to useful resources:
Many instances of credit card number theft may not be within
your sphere of influence. The Register has an article listing
a number of stories of large businesses, educational institutions,
and other organizations losing control of sensitive personal
information in this month alone. There's nothing you can do
about such situations (apart from checking data security practices
when possible), but some common sense and effort on your part can
reduce the impact of credit card number theft if it does happen
to you. I got off easy this time, and I hope this is the end of
the story (for a much more exciting story of credit card number
theft, read the page at the second link below).
Hot Topics in TidBITS Talk/28-Mar-05
------------------------------------
by TidBITS Staff
The second URL below each thread description points to the
discussion on our Web Crossing server, which will be faster.
**Address Book utilities** -- After using the old Address Book
4.2.6 under Mac OS 9, a reader is looking for something similar
that will run under Mac OS X. (2 messages)
**Other options for playing MP3s in your car** -- The iPod's
popularity has sparked many new solutions for playing music in
the car, including in-dash receivers that include AUX inputs on
the front. (4 messages)
**Campaign to make iPods greener** -- A conservation group is
trying to get the word out that the materials that go into an
iPod could be created in a more environmentally friendly manner
(although Apple has a strong environmental stance). But this begs
the question: why single out iPods, when flashlight batteries
and other disposables are similarly harmful? (7 messages)
**DVD Jon vs Apple** -- An article about one developer's ongoing
efforts to circumvent Apple's digital rights management (DRM)
scheme for iTunes prompts discussion of DRM and free markets.
(4 messages)
**How Might Smart Folders Change the Way We Work?** Could the
Smart Folder feature in the upcoming Mac OS X 10.4 Tiger be
a revolution in how people interact with their Macs and their
data? (4 messages)
$$
Non-profit, non-commercial publications may reprint articles if
full credit is given. Others please contact us. We don't guarantee
accuracy of articles. Caveat lector. Publication, product, and
company names may be registered trademarks of their companies.
For information: how to subscribe, where to find back issues,
and more, see . TidBITS ISSN 1090-7017.
Send comments and editorial submissions to:
Back issues available at:
And:
Full text searching available at:
-------------------------------------------------------------------